xrootd: authentication

The xrootd specs have a number of things to say about authentication:

• kXR_auth
• kXR_authmore
• Authentication & Access Control Configuration Reference

xrdsec support 6 authentication protocols:

• host: authenticates a user by originating host name only,
• gsi: authenticates a user using GSI protocol,
• krb5: authenticates a user using Kerberos V protocol, and
• pwd: authenticates a user using a password-based protocol
• sss: authenticates a user using a simple shared secret protocol
• unix: authenticates using the Unix login name and group name

For kerberos, we might use:

• https://github.com/jcmturner/gokrb5

For GSI, something on top of crypto/x509+crypto/tls might be used/developed. Current specs:

• https://en.wikipedia.org/wiki/Grid_Security_Infrastructure
• http://toolkit.globus.org/ftppub/globus/papers/security.pdf
• gsi-msg-specs.pdf (retrieved from http://toolkit.globus.org/toolkit/docs/6.0/gsic/developer/index.html#gsic-protocol)